
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-38900

The following issues may affect the functionality of your Liferay DXP, Liferay Enterprise Search environment and your Elastic Stack.

Vulnerability Information

Kibana authenticated Denial of Service issue (ESA-2023-02)

A flaw (CVE-2022-38900) was discovered in one of Kibana's third-party dependencies that could allow an authenticated user to crash the Kibana server process.

Affected Versions:

Kibana 7.x versions prior to 7.17.9 and Kibana 8.x versions prior to 8.6.1

Solutions and Mitigations:

Users are advised to upgrade to 7.17.9 or 8.6.1.

CVSSv3: 6.5 (Medium) - AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE ID: CVE-2022-38778
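
The following is an added example, not part of the Liferay or Elastic advisory, that checks an inventory of Kibana versions against the affected ranges listed above. The hostnames, the inventory format and the handling of build suffixes are assumptions; versions are compared numerically because a plain string comparison would rank 7.9.2 above 7.17.9.

```python
import re

# Fixed releases named in the advisory, keyed by major version line.
FIXED = {7: (7, 17, 9), 8: (8, 6, 1)}

# major.minor.patch with an optional build suffix (e.g. -SNAPSHOT).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def classify(version):
    """Return 'affected', 'fixed' or 'not-covered' for a Kibana version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parsed = tuple(int(p) for p in m.groups())
    fixed = FIXED.get(parsed[0])
    if fixed is None:
        # The advisory only makes statements about the 7.x and 8.x lines.
        return "not-covered"
    # Assumption: build suffixes are ignored when comparing versions.
    return "affected" if parsed < fixed else "fixed"


def affected_hosts(inventory):
    """Return the sorted hostnames whose Kibana version is in an affected range."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed sample inventory; hostnames are hypothetical.
SAMPLE_INVENTORY = {
    "kibana-a.example.internal": "7.17.8",
    "kibana-b.example.internal": "7.17.9",
    "kibana-c.example.internal": "8.5.3",
    "kibana-d.example.internal": "8.6.1",
    "kibana-e.example.internal": "7.9.2",
    "kibana-f.example.internal": "6.8.23",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host])
```
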

 

Search Engine Compatibility Matrix

Reference the information here for the detailed Elasticsearch compatibility including the compatible connector versions and required patch levels.

Source

https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661


Elastic, Elasticsearch, and X-Pack are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.
